LinodeLNMP server environment configuration notes

I chose a 1 GB package. The package is $20 every month, and the annual fee is reduced by 10%. The actual payment of $230.21 is equivalent to more than 1400 RMB. Linode1GB Operating System: CentOSLinux6.264bit running environment: Nginx + PHP + MySQL preparation compiling environment deployment: It is very dangerous to enable the compiling environment on the server. To ensure security, I use a virtual machine

I chose a 1 GB package. The package is $20 every month, and the annual fee is reduced by 10%. The actual payment of $230.21 is equivalent to more than 1400 RMB. Linode 1 GB Operating System: CentOS Linux 6.2 64bit running environment: Nginx + PHP + MySQL preparation compiling environment deployment: It is very dangerous to enable the compiling environment on the server, to ensure security, I use a virtual machine.

I chose a 1 GB package. The package is $20 every month, and the annual fee is reduced by 10%. The actual payment of $230.21 is equivalent to more than 1400 RMB.

Linode 1 GB

Operating System: CentOS Linux 6.2 64bit
Running Environment: Nginx + PHP + MySQL

Preparations
Compiling environment deployment:
It is very dangerous to enable the compiling environment on the server. To ensure security, I use a virtual machine to compile the program. After compilation, I can deploy the program to the server.

Download and install CentOS 6.2 64bit Based on the VPS operating system. Because it is only a compilation machine, you only need to install the Minimal version. The download speed is several hundred MB.
Historical ISO files can be found in the http://vault.centos.org.

The Minimal version does not automatically start the network after it is installed. You need to perform the following operations:
Run commands

dhclient -v eth0

Modify file/etc/sysconfig/network-scripts/ifcfg-eth0
Add a line at the end of the file
BOOTPROTO = "dhcp"

Change ONBOOT = "no" to ONBOOT = "yes"

In this way, the network will be automatically connected after startup.

After logging on to the/root directory with root, create two directories: packages and build, which are respectively used to place the installation package and program directories after decompression.
# Installation

yum install gcc makecdmkdir packages build

Create user

groupadd -g 500 www && useradd -g 500 -m -u 500 wwwgroupadd -g 501 Hessian && useradd -g 501 -m -u 501 Hessiangroupadd -g 27 mysql && useradd -d /www/database -M -g 27 -u 27 mysql

Environment Variable

Modify the/etc/profile file and add the following content to the end of the file.

PATH=$PATH:/opt/mysql/binPATH=$PATH:/opt/php/binPATH=$PATH:/opt/nginx/sbin

Run:./etc/profile
(Do not omit spaces in the middle)

Nginx

: Http://nginx.org/en/download.html

1. Download

cd ~/packageswget http://nginx.org/download/nginx-1.4.1.tar.gz

2. Extract

cd ~/buildtar -zxf ~/packages/nginx-1.4.1.tar.gz

3. Solve Dependencies

yum install pcre-develyum install zlib-devel

3. Compile

cd nginx-1.4.1./configure --prefix=/opt/nginx-1.4.1 --with-pcre --with-openssl=/usrmake -j 2 && make install

MySQL

: Http://dev.mysql.com/downloads/mysql

Here I chose the Binary Package.
Linux-Generic (glibc 2.5) (x86, 64-bit), Compressed TAR Archive
Mysql-5.6.11-linux-glibc2.5-x86_64.tar.gz

Download and decompress the package.

PHP

Although YUM provides PHP, I chose to compile it myself for performance and personal needs.
The PHP version I used is 5.3. I don't know if 5.4 will bring any compatibility issues.

: Http://cn2.php.net/get/php-5.3.24.tar.bz2/from/a/mirror

1. Download

cd ~/packageswget http://cn2.php.net/get/php-5.3.24.tar.bz2/from/this/mirror

2. Extract

cd ~/buildtar -zjf ~/packages/php-5.3.24.tar.gz

3. Solve Dependencies

yum install libxml2-develyum install libcurl-develyum install libjpeg-develyum install libpng-develyum install freetype-develyum install autoconf

Libmcrypt is not in yum. It can be downloaded from EPEL.
EPEL (Extra Packages for Enterprise Linux) is a program created by the Fedora community to provide high-quality software Packages for RHEL and its derivative releases, such as CentOS and Scientific Linux.
Install

rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/libmcrypt-2.5.8-9.el6.x86_64.rpmrpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/libmcrypt-devel-2.5.8-9.el6.x86_64.rpm

3. Compile

cd php-5.3.24./configure --prefix=/opt/php-5.3.24 \--with-config-file-path=/opt/php \--with-mysql=mysqlnd \--with-mysql-sock=/tmp/mysql.sock \--with-iconv-dir=/usr \--enable-xml \--with-libxml-dir \--disable-rpath \--enable-safe-mode \--enable-inline-optimization \--with-curl \--enable-mbregex \--with-gd \--enable-zip \--enable-sockets \--enable-mbstring=all \--with-mcrypt \--enable-gd-native-ttf \--with-freetype-dir=/usr \--with-jpeg-dir=/usr \--with-png-dir=/usr\--with-pdo-mysql=mysqlnd \--without-pdo-sqlite \--enable-fpm \--enable-climake -j2make install

4. Compilation Extension

Subsequent steps

cd /optln -s mysql-5.6.11-linux-glibc2.5-x86_64 mysqlln -s nginx-1.4.1 nginxln -s php-5.3.24 phptar -czf servers.tar.gz *

Upload the config file STARTUP script and servers.tar.gz to the server, decompress it to/opt, and place the configuration file and startup script.

VPS Installation Steps

Resolve Dependencies

rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/libmcrypt-2.5.8-9.el6.x86_64.rpmyum install libpng libjpeg freetypeyum install svn

Create user

groupadd -g 500 www && useradd -g 500 -m -u 500 wwwgroupadd -g 501 Hessian && useradd -g 501 -m -u 501 Hessiangroupadd -g 27 mysql && useradd -d /www/database -M -g 27 -u 27 mysql

Upload and decompress
Place servers.tar.gz, configuration file, and startup script on the server

tar -zxf servers.tar.gz -C /opt tar -zxf init-scripts.tar.gz -C /etc/init.d

Add Service

chkconfig --add nginxchkconfig --add mysqlchkconfig --add php-fpm

Create a Resource Directory

mkdir /wwwmkdir /www/databasemkdir /www/logsmkdir /www/svn-repos

Adjust Directory Permissions

chown www:www -R /wwwchown mysql:mysql -R /www/database

Environment Variable
Modify the/etc/profile file and add the following content to the end of the file.

PATH=$PATH:/opt/mysql/binPATH=$PATH:/opt/php/binPATH=$PATH:/opt/nginx/sbin

Run:./etc/profile
(Do not omit spaces in the middle)

Security Settings

SSH settings:
Modify/etc/ssh/sshd_config
1. disable root login: PermitRootLogin no
2. Disable Password Logon: PasswordAuthentication no
3. enable key login:

RSAAuthentication yesPubkeyAuthentication yesAuthorizedKeysFile .ssh/authorized_keys

Add the public key to. ssh/authorized_keys on the server. For details about how to generate the key and set it, refer:

Http://stevenz.blog.hexun.com/15798089_d.html

On the client, you can directly add the public key to the server using the following command:

cat??~/.ssh/id_rsa.pub | ssh?zhaoy@192.168.1.1?"cat - >> ~/.ssh/authorized_keys"

Restart sshd after execution.

service sshd restart

If you cannot log on, you can view the security log/var/log/secure to determine the cause of the problem.

Firewall settings:
Create the/etc/sysconfig/iptables file and add the following content:

*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 3690 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -j REJECT --reject-with icmp-host-prohibitedCOMMIT

Only port 22, port 80, and port 3690 are opened. If there are other ports, you can add them by reference.

Original article address: Linode LNMP server environment configuration notes. Thank you for sharing them with me.